Security bulletin

Security Advisory for Adobe Illustrator CS4 and Adobe Illustrator CS3

Release date: December 07, 2009

Vulnerability identifier: APSA09-06

CVE number: CVE-2009-4195

Platform: All Platforms

Summary

Adobe is aware of a report of a buffer overflow vulnerability in Adobe Illustrator CS4 and Adobe Illustrator CS3 that could lead to arbitrary code execution. Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010. Adobe recommends customers avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available.

Affected software versions

Severity rating

Adobe categorizes this as a critical issue and recommends that users avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available.

Details

Adobe is aware of a report of a buffer overflow vulnerability in Adobe Illustrator CS4 and Adobe Illustrator CS3 that could lead to arbitrary code execution. A successful exploit of the vulnerability would require a local user to open a malicious .eps file in Illustrator. Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010. Adobe recommends customers avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available.